[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor Weekly News â June 11th, 2014

Tor Weekly News                                          June 11th, 2014

Welcome to the twenty-third issue of Tor Weekly News in 2014, the weekly
newsletter that covers what is happening in the Tor community.

Tor Browser 3.6.2 is out

Version 3.6.2 of the Tor Browser has been released [1], featuring âa fix
to allow the configuration of a local HTTP or SOCKS proxy with all
included Pluggable Transportsâ, as well as important fixes to mitigate
recent OpenSSL vulnerabilities, among other security updates. All users
are advised to upgrade [2] as soon as possible.

  [1]: https://blog.torproject.org/blog/tor-browser-362-released
  [2]: https://www.torproject.org/download/download-easy.html

The EFF announces its 2014 Tor Challenge

As part of the wider âReset the Netâ event [3], the Electronic Frontier
Foundation has launched [4] another in its occasional series of Tor
Challenges. The goal of the campaign is to increase the Tor networkâs
capacity and diversity by encouraging members of the public to run
relays, and directing them to the legal and technical guidance necessary
to do so.

So far, over 600 relays have been started (or had their capacity
increased) as part of the campaign: you can see a running total of
relays and bytes transferred on the campaign page [5]. Once youâve set
up your relay, you can register it on the page (anonymously or credited
to your name); stickers and T-shirts are on offer for those who run
relays of a certain size or for a certain period.

If you run into trouble setting up your relay, you can also find expert
advice and discussion on the tor-relays mailing list [6] or the #tor
channel on irc.oftc.net.

  [3]: https://blog.torproject.org/blog/reset-net
  [4]: https://blog.torproject.org/blog/tor-challenge-2014
  [5]: https://www.eff.org/torchallenge/
  [6]: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tor and the âEarlyCCSâ bug

Following Aprilâs much-loved âHeartbleedâ bug, another OpenSSL
vulnerability was discovered â nicknamed âEarlyCCSâ [7] â that could
have an impact on the security of many internet services, including Tor.
Nick Mathewson explained [8] that although âTor is comparatively
resilient to having one layer of crypto removedâ, it may be affected to
the extent that âan adversary in the position to run a MITM attack on a
Tor client or relay could cause a TLS connection to be negotiated
without real encryption or authentication.â

Tor users and relay operators should make sure to update their OpenSSL
and Tor packages as soon as possible; those using a system tor (rather
than or in addition to the Tor Browser) should ensure that they restart
it once the updates are installed; otherwise they will not take effect.

  [7]: http://ccsinjection.lepidum.co.jp/
  [8]: https://lists.torproject.org/pipermail/tor-talk/2014-June/033161.html

A new website for the directory archive

Karsten Loesing announced [9] the new CollecTor service [10], which
spins off the directory archive section from the Metrics [11] portal.

Whatâs different? Archive tarballs are now provided in a directory
structure rather than a single directory [12], recently published
descriptors can now be accessed much more easily [13], and the
documentation of descriptor formats [14] has been updated.

The now obsolete rsync access to metrics-archive and metrics-recent will
be discontinued on August 4, 2014.

  [9]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006942.html
 [10]: https://collector.torproject.org/
 [11]: https://metrics.torproject.org/
 [12]: https://collector.torproject.org/archive/
 [13]: https://collector.torproject.org/recent/
 [14]: https://collector.torproject.org/formats.html

More monthly status reports for May 2014

The wave of regular monthly reports from Tor project members for the
month of May continued, with reports from Karsten Loesing [15], Isis
Lovecruft (who submitted reports for both April [16] and May [17]),
George Kadianakis [18], Nicolas Vigier [19], and Roger Dingledine [20].

Roger also sent the report for SponsorF [21].

 [15]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000551.html
 [16]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000553.html
 [17]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000552.html
 [18]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000554.html
 [19]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000556.html
 [20]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000559.html
 [21]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000558.html

Miscellaneous news

The Tails developers formally announced [22] the upcoming Tails
Hackfest, inviting absolutely âanyone interested in making Tails more
usable and more secureâ to join them in Paris on the 5th and 6th of July
(immediately after the Tor dev meeting) and âlearn about the challenges
faced by Tails, and how you can be part of the solutionâ. Fuller details
of the venue and timetable can be found on the Tails website [23].

 [22]: https://tails.boum.org/news/Join_us_at_the_Tails_HackFest_2014/
 [23]: https://tails.boum.org/blueprint/HackFest_2014_Paris/

Several of Torâs Google Summer of Code students submitted their regular
progress reports: Juha Nurmi on the ahmia.fi project [24], Israel Leiva
on the GetTor revamp [25], Amogh Pradeep on the Orbot+Orfox
project [26], Quinn Jarrell on the pluggable transport combiner [27],
Marc Juarez on the link-padding pluggable transport development [28],
Noah Rahman on the Stegotorus refactoring work [29], Sreenatha
Bhatlapenumarthi on the Tor Weather rewrite [30], Daniel Martà on the
implementation of consensus diffs [31], and Mikhail Belous on the
multicore tor daemon [32].

 [24]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000555.html
 [25]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006959.html
 [26]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006960.html
 [27]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006961.html
 [28]: https://lists.torproject.org/pipermail/tor-reports/2014-June/000557.html
 [29]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006962.html
 [30]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006964.html
 [31]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006966.html
 [32]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006984.html

Thanks to moparisthebest [33] for running a mirror of the Tor Project

 [33]: https://lists.torproject.org/pipermail/tor-mirrors/2014-June/000612.html

Roger Dingledine asked [34] the tor-relays mailing list about the
situation of Mac OS X users who would like to run Tor relays, and what
steps should be taken to make it easier for them to do so ânow that the
Vidalia bundles are deprecated and hard to findâ.

 [34]: https://lists.torproject.org/pipermail/tor-relays/2014-June/004642.html

Isis Lovecruft has deployed BridgeDB version 0.2.2 [35] which contains
many fixes and translation updates. The email autoresponder should not
reply with empty emails any more.

 [35]: https://gitweb.torproject.org/bridgedb.git/blob_plain/cb8b01bc:/CHANGELOG

Damian Johnson has written up [36] several ideas regarding a possible
rewrite of the ExoneraTor service [37] in Python.

 [36]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006970.html
 [37]: https://exonerator.torproject.org/

HTTPS is sometimes heavily throttled by censors, making it hard to
download the Tor Browser over an HTTPS link. Israel Leiva is asking for
feedback [38] about making the GetTor email service reply with links to
unencrypted HTTP servers as a work-around.

 [38]: https://lists.torproject.org/pipermail/tor-dev/2014-June/006977.html

Tor help desk roundup

The help desk has been asked for information on TorCoin, a proposed
cryptocurrency. TorCoin is not affiliated with or endorsed by the Tor
Project. The Tor Project publishes guidelines on the use of its
trademark to try to prevent confusing uses of the Tor name [39].

 [39]: https://www.torproject.org/docs/trademark-faq.html.en

Easy development tasks to get involved with

obfsproxy, the traffic obfuscator, opens the âauthcookieâ file for each
new incoming connection. George Kadianakis suggests that it should
instead read the file on startup and keep its content in memory during
operation [40]. obfsproxy is written in Python/Twisted. The change
should be pretty small, but if you like finding the right places that
need changing, feel free to look at the ticket and post your patch

 [40]: https://bugs.torproject.org/9822

Upcoming events

June 11 19:00 UTC | little-t tor development meeting
                  | #tor-dev, irc.oftc.net
                  | https://lists.torproject.org/pipermail/tor-dev/2014-May/006888.html
June 11 19:00 UTC | Tails contributors meeting
                  | #tails-dev, irc.oftc.net
                  | https://mailman.boum.org/pipermail/tails-dev/2014-May/005818.html
June 13 15:00 UTC | Tor Browser online meeting
                  | #tor-dev, irc.oftc.net
                  | https://lists.torproject.org/pipermail/tbb-dev/2014-April/000049.html
June 30 â Aug 4   | Torâs Summer Dev Meeting
                  | Paris, France
                  | https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting

This issue of Tor Weekly News has been assembled by Lunar, harmony, Matt
Pagan, Karsten Loesing, and Roger Dingledine.

Want to continue reading TWN? Please help us create this newsletter.
We still need more volunteers to watch the Tor community and report
important news. Please see the project page [41], write down your
name and subscribe to the team mailing list [42] if you want to
get involved!

 [41]: https://trac.torproject.org/projects/tor/wiki/TorWeeklyNews
 [42]: https://lists.torproject.org/cgi-bin/mailman/listinfo/news-team
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to